Welcome, everybody, to RFID hacking, live free or RFID hard.
My name is Fran Brown.
I'm a managing partner at Bishop Fox, formerly Stack & Lou.
We just rebranded it and got some exciting stuff to show you guys here today.
I'm just going to get right into it.
Basically what I want to go over today is to cover practical advice on successfully
performing a penetration test of an RFID physical security system.
A little bit of background behind this.
About a year ago, I was doing an assessment of an electric utility, and I needed to get
to their SCADA network, which was only accessible from two buildings.
So I needed to break into a building.
That's how it all started.
That was my goal.
So I started looking into different RFID presentations that have been in the past.
Unfortunately, there was no hacking-exposed RFID that just let me know what I would need
to know to be able to break into a building.
So I watched all the past presentations I could find, anything I could find, and after
a couple days, I realized I was no closer to achieving my objective than I was when
I started.
Most of the presentations in the past discussed tools that weren't released or were more theoretical.
They didn't give me...
They didn't give me exactly what I needed to know to be able to break into a building.
So that's what I hope to cover here today, and I'm going to finish up with practical
defenses as well so you know how to protect yourself.
So breaking it down, it's a pretty simple methodology.
When I want to do an RFID penetration test, it just boils down into three simple steps.
First, steal somebody's badge information without them realizing it while walking by
them.
Two, taking that information.
And making a clone of their card.
And then three, going into the building that I want to break into.
And possibly planning a back door so I don't have to stay there very long.
Seems pretty simple.
But the thing that I soon realized that step one was a little bit difficult because most
of the tools out there required you to get within a couple centimeters to be able to
successfully steal someone's badge information out of their pocket or their purse or what
have you.
So that kind of led to what I like to call the ass-grabbing method of RFID hacking.
These are all from different presentations, YouTube videos, things I've seen in the past
where the people go on and on about how insecure it is and how easy it is to steal somebody's
badge information and then they have things like this where they're walking up and grabbing
people's asses with a Proxmark run down their sleeve with a big CD-sized antenna and walking
around ass-grabbing.
I don't know how many times you could potentially do that, walk around a target facility and
start grab-assing before you actually get caught.
I imagine maybe once or twice.
So this wasn't a realistic thing for me.
This isn't going to work.
I'm not sure what I could do at this point.
But there's not really any tools that are out there that would allow me to realistically
be able to pull this type of attack.
So I started looking into my own custom solutions, and with that I'm going to do a couple quick
videos that I think demonstrate the limitations as well as our tools for stealing for step
one there and making a clone of a card just to show how easy it is now to be able to pull
this off and steal someone's badge number and then break into a building.
So I'm going to go to ‑‑
Can you guys see that okay?
By far the most popular.
So in this first one, this is kind of demonstrating ‑‑ how many of you here are familiar with
the Proxmark 3?
It's probably, you know, number one tool you could buy.
It's actually really great for a lot of purposes.
Sorry about that.
It's too much for the microphone.
But as you'll see here, it also has ‑‑
This is the Proxmark.
This is a RFID hacking tool you could buy, by far the most popular.
We have ‑‑ it's plugged into my laptop here via USB, and then via another cable,
there's the antenna.
And we see that right now we are running the Proxmark, and we have it in listening mode.
It's trying to read right now.
So as we can see, it still does not see the card, even at this range.
So I'll keep going down, keep going down, getting closer to the antenna.
Closer still until ‑‑ there we go.
6339.
We have to be within probably about an inch right here before it actually starts picking
up the badge information.
6339.
So this is about how close you have to get to somebody on their person to be able to
effectively use this tool to steal their information, which is a little too close for
comfort.
If you ask me.
So I mean, how many people here have pulled off successful penetration tests with the
Proxmark or whatever existing tools that are out there?
Handful of people?
I guess you could, but you saw the antenna, and it's about the size of a CD, and typically
people would run it down their sleeve and have the CD and try to go up and guess where
the person has their badge on them to begin with, if you don't know which pocket it is,
you know.
So I saw a few things where people had posted custom solutions that they had done.
They didn't really release code or, you know, practical advice on how to put it together,
so I kind of had to do my own thing.
It will be up on the Web site tomorrow, but my goal here was to make it so that I can
create a tool that security professionals who, you know, don't know a lot about RFID
or have an electrical engineering background can use.
Or, you know, are going to build their own custom antennas.
This is your average security professional who wants to be able to perform this kind
of pen test so they can get up and running realistically quickly.
So ‑‑
Wouldn't it be great if there was a tool that took that step one that allowed us to
secretly steal this information without having to go up and grab somebody's butt?
So ‑‑
Okay.
So, we have a tool that we call the Tastic Long Range RFID Stealer.
As a crazy random happenstance, we do have such a tool.
6339 again.
If we look to my left here, this is what I'm calling the Tastic Long Range RFID Stealer.
Any Dr. Harper fans here?
From my company, Bishop Fox.
And we see here it's just a weaponized commercial reader.
So, we'll go ahead and throw that up there.
And you can see it's a 26-bit card.
And again, Pesodico 113 and card number 113.
6339.
So, it outputs it to the screen nice as well.
I'm clearly a few feet away right now.
And with this, I can steal the information without having to go up and grab somebody's
butt.
So, taking a little quicker look at what this tool is actually doing and how the circuit
board comes into play.
I'm going to turn this off.
And we can see that it's working.
So, you can see that it is about a foot by a foot and only an inch deep.
Extremely light, portable, have a missile switch on the back here, which I was using
to not accidentally turn it on, things like that.
It's completely self-powered and portable.
So, what you would do is take this, put it in your messenger bag or backpack or briefcase,
walk around with it.
Walk by somebody.
Somebody from up to three feet away and pick up their badge information, which is much
better than grabbing butts up here.
Now it is right up to the screen, but we actually see it's easy to take apart here.
Just a single screw in the front, thumb screw that I can just twist out.
And take the lid off.
And what we have here is this is a long-distance commercial badge reader, the kind that you
would find in parking lots so that you don't have to get out of your car.
You can just roll it on your window and reach your arm out of the car window and hold your
badge out and get it picked up.
So, it's meant to be picked up from several feet away.
All of this was in here to begin with.
All I did was add the LCD screen.
I'm going to turn this off.
I'm going to turn this on.
You can see the batteries to self-power it.
And you will recognize this circuit board here, which you have without all of the things
already installed.
It has all the logic, the code behind it will be on our website for you to download
as well.
And this is just an Arduino controller that you can buy online on Amazon, Radio Shack,
as well as just some resistors and a few things there you can pick up anywhere.
We'll have detailed instructions on the website on how to recreate it.
this, which is our main goal here. And finally we see we have a micro SD card, which not
only was it writing it, but it was actually writing it to the SD card in cards.txt, the
text file. So pretty cool.
Basically ‑‑ thank you. Thank you. So, you know, for those who are really attached
to it, the ass grabbing methodology is still at your disposal if that's what you want to
do. But this, I think, is a much better solution. And as you can see, it's super light, got
just self‑powered, completely portable, picks it up from a couple feet away as opposed
to a centimeter or two. And, yeah, so effectively this was my attempt at solving that step one
of those three steps.
And then I just have one more video, which shows you step two, which I mentioned I like
the Proxmark, but this will show you the output of a ‑‑
I'm going to pop it into my laptop. It should come up over here.
So we should see the SD card came up that I pulled from our long‑range RFID stealer.
Check that out. And we see that there's a single file, cards.txt, just a simple text
file. I click on that.
Okay.
And we see here we scanned it a few times. It's a 26‑bit card. Here is the hexadecimal
notation for that badge information. We actually decoded it for you. It's facility code 113
and badge number 6339 as we saw printed on the card. We actually have the binary as well.
So now we've successfully completed step one.
And we can see that we've taken this silently stealing badge information and made it a realistic
possibility where we can, from three feet away, casually walk by you and steal the
information. Now that we have that, we can use tools like the Proxmark to quickly create
a clone, fake version of your badge so that we can go use it. And that is extremely easy.
It's a single command. We already have the Proxmark set up here. So what we're going
to do is ‑‑
I'm going to go ahead and copy the hexadecimal version of this badge, 6339.
Click copy. And we're going to come back to our Proxmark here. Now the Proxmark is in
read mode right now. So by hitting this button I'll stop that.
So now we have the badge information from our tool, just this hexadecimal value. And
we're going to do this.
So let's take this programmable T557 card, which is a programmable card that doesn't
read like anything right now. And we can turn this ‑‑ this is just a sticky note.
It's clearly not the 6339 badge. Let's put a post it on there. It's programmable. So
I just lay that on top of the antenna here. And if we look right here, all I'm going to
do is type in ‑‑
Okay.
LF. For low frequency. Hid. Because it's a hidden card. Clone. Space. And then I'm
just going to paste in that value we took from our cards.txt file. And click enter.
And we see cloning tag with that value that we stole done. So right now this card ‑‑
Okay.
LF. Is functionally an exact duplicate of the card that we stole. 6339. So let's
test it out. So we have our original, again, badge number 6339. We have the original
card 6339. And it's a prox card, too. Go over here. 6339 still. Now we take our clone
card, this card, which is clearly not that same card. It just has my sticker on it that
was just programmed.
LF. That's my third grade handwriting on there.
LF. We come up to it. Badge 6339. Facility code 113. 26-bit card. So now we've
successfully stolen and now made a fake copy of this person's badge.
LF. Cool.
.
. . . . . . . . . . . . . . . . . . . . .
LF. So pretty easy now, right? Hopefully you guys can get up and running with this
kind of tool. And it's ‑‑ at this point I've been able to train some of our consultants
to do it now in about ten minutes. Here's the on switch, which is also the off switch.
On the back, you know, go forth and prosper. So with that, what we're talking about here
is low frequency.
I saw with some of the articles that came out people were posting links to high frequency
long range antennas and things like that.
But we're talking the 125 kilohertz low frequency technology for physical security systems.
And looking at that, people have known about these issues for quite some time.
But the interesting thing to me was that no one has really done anything about it yet.
This came from HID Global directly from a post they had recently saying that 70 to 80
percent of physical security systems out there still use this legacy low frequency technology
that we're exploiting here.
Despite us having known for quite some time.
And they admit that there's no security, they've been hacked, we know this, they're not resistant
to any of these kind of common attacks, yet they still persist.
And then just looking at that, one of the motivations behind doing this talk is that
actually after creating the tools was I noticed that, you know, we see in Chris Pagent's talk
from 2007, you know, it couldn't be any simpler.
If you're using this technology for your doors, you're highly insecure.
It's a big bullet, that's it.
That's 2007.
And those quotes came from this blog post in June of 2013.
So from 2007 to 2013, we've made about zero progress in terms of upgrading these physical
security systems.
And that blog post is out there.
It's actually pretty interesting.
It goes on to talk about some of the reasons why the physical security product life cycle
is about 20 years, they estimate.
So most of the things out there were bought in the early 90s.
HID offers more secure solutions, but people bought and installed products from 20 years
ago and are just more than happy with it.
So for some extent it's ignorance on the part of the people making the purchase decisions.
They just don't realize.
That these things are this insecure.
As well as there's budget issues.
So what we're looking at here is a basic breakdown of what's happening for a badging
system for a door.
There's four main components.
And coincidentally, if we're thinking about doing a pen test, those are the four areas
that we'll want to target.
So with this attack, we're targeting the card directly.
We're going to the local Starbucks near a building we want to break into.
Hanging out in the smoke area or something like that and targeting the cards that are
on somebody's person.
These cards, basically when they come within near distance of a reader like this, the
reader powers it and it just starts singing out 26 to 37 ones and zeros.
That's it.
As soon as it gets powered, it just starts singing this out, depending on what they have.
And then the reader just reads these off the air and then encodes them in protocol, which
I'll talk about in a little bit.
And just forwards them on to the controller to make the decision about whether to open
the door or not.
And then you have the host PC where a physical security guard will be sitting at to add new
users and monitor, you know, cameras and things like that.
So in breaking this down, in doing this initial research, it was like pulling teeth.
I mean, just trying to understand what was going on with these things, what's written
on the card.
How far away can I be?
Every question that would jump to your mind if you didn't know anything about RFID hacking,
it would be like the 130th Google hit or some random product manual that I found the answer
in.
So I tried to compile as much of them as I could here to make it easy.
But one of the questions that come up is if I saw somebody's badge, if I looked at the
number on the back, is that enough information for me to make a fake copy of it?
You know, if you went on Google images and somebody took a picture and you saw their
badge number, could you make a copy of that?
The short answer is maybe if they're ‑‑ so basically those 26 to 37 ones and zeros
that sings out the card when it comes in your reader, those eventually get interpreted
by a controller.
And the way they get interpreted is basically what they call the card format, which typically
breaks down into your card ID and a facility code.
What's written on the card is the card ID.
ID, which is part of what you need. If they're using a standard 26‑bit card, then there's
only 255 possible facility codes. So technically with that, I could just try that card number
and facility code 1, facility code 2, facility code 3, and pretty quickly be able to brute
force based on what you visually see on the card. If they implemented like a 35‑bit
card or something, then it wouldn't be as easy to do.
There's also ‑‑ you'll typically see on these cards one number and then a space
and then a longer number. That longer number is just a sales order number. I found it in
a product manual. If you want to buy more cards, when you call the sales guy, you read
them that number. It has nothing to do with authentication or getting you in the door
or anything like that. So good to know. And this is what I'm talking about with the ‑‑
so in reading this as well, it's ‑‑ I saw things from 20 ‑‑ your standard
26‑bit card or your corporate 35‑bit card. And then you hear that they're 44‑bit
cards. And then in the prox marks, you see typically when tools that are accessing them
are 10 hexadecimal digits, which is only 40‑bits. So what exactly is going on with
the card was a little confusing to me because people didn't really make it clear. So just
to make it clear what's actually going on, it sings out 26 to 37‑bits in the air. It's
always 44 bits on the card. And when we see here ‑‑ I scanned this in from a product
manual and put the notation in there myself. Typically the ‑‑ or always the first
hexadecimal will be a zero, which usually gets dropped, which is why you see it as 10.
You see the full version there of 11 hexadecimal digits, but starting with a zero. So what
happens is there's always 44 bits on the card, which you see out there. The standard
26‑bit is what you see on the right. And then there ‑‑ it's starting to change.
It starts ‑‑ come on, man. Everyone look at that guy with the stare.
So it's always ‑‑ every single card, it starts with six zeros and a one. Every single
card. Six zeros and a one. And then there's a buffer of ten zeros, and then a parity or
sentinel bit, and then your 26‑bits. So if you have a 35‑bit card or anything up
to 37, all it does is extend to the left there.
And that buffer of those ten zeros. And that's the full 44 bits that are on the card. So
mystery solved.
This is on low‑frequency stuff and mainly for breaking into buildings. But the type
of attacks and the techniques that we're going for here are going to only become more applicable
as we go on. We're starting to see them in credit cards in the U.S. now, passports, and
my favorite ‑‑ who here is a Disney fan? Anybody a Disney fan?
Disneyland, Disney World? Yeah, so Disney is going over to RFID for everything. So it's
going to be fun, experiments, some field research. Get some fast passes to get to the front
of the lines and things like that. You see the band there on somebody's wrist. Everything
from getting in the front door of Disney World to getting your fast passes for the rides
to paying for things to your hotel room are all going to be ‑‑ it's all RFID‑based.
They're rolling it out right now. So these things are just ‑‑ you know, people are
finding more and more uses for RFID technology that are going to be fun to do pen tests for.
A couple of the tools that you want to have in your arsenal, besides our tool here, I
would definitely recommend the Proxmark. You can get cheaper versions, but the nice
Palace version is $3.99. You can use it, as we saw in the one video, for making clone
cards. It has all kinds of purposes that are great for doing RFID hacking.
It does have a single button on it. See that workflow there? One crazy workflow for the
single button on top of the Proxmark which is a little fun. It's like standing on one
foot and hold the button for four and a half seconds until it blinks red and orange and
then hold it longer. That's literally the one button's workflow. Which is pretty cool.
Another cool thing with the Proxmark is there's a tool called the ProxBrute. Have any of
you guys heard of the ProxBrute before? A handful of people. I don't know if you have.
So the ProxBrute is just custom firmware that someone from McAfee, a guy named Brad, released
that you can load onto the ProxMark and use it to do brute forcing.
So each of these badges, we saw the card number and facility code.
Once you have a valid badge, if you stole maybe just a normal worker's badge information
to get in the front door, but you want to get in the data center and that person didn't
have access.
Well, the card numbers themselves are sequential.
So you could use this tool and the ProxMark will simulate being a badge and it will try
that number, the next badge number, the next badge number.
So it will allow you to brute force a different badge number to get into a data center or
more secure area than the actual badge that you stole, which is great.
And it has a similar crazy work flow for that one button which is altered there.
Let's see.
Also, there's Adam Lorry's stuff, the RF Idiot scripts.
So Adam Lorry has done a bunch of talks over time, has compiled a bunch of different Python
scripts for doing RFID hacking and he just keeps adding to them for all sorts of different
purposes.
So I would definitely recommend checking that out.
As well as one convenience is that the software, it all comes loaded on backtrack.
So all you need to do is get the equipment, plug the USB in and fire up backtrack.
And you could be up and running and doing some stuff pretty quickly.
These are extremely cool.
Has anyone seen these tools before from RFIdeas?
I don't typically ‑‑ I don't think I've ever seen this in a security presentation
on RFIdea.
I happened to just stumble across it.
And basically it's just two little USB sticks about that size.
It requires no software.
It's for field testing, for people that install this type of equipment.
And basically one of the questions that I had that I wanted to answer was, you know,
what if I don't know what kind of card this is?
What if I don't know what technology it's using?
Take the Disney example.
The Disney stuff doesn't have identifying ‑‑ it has all Walt Disney stuff on their cards.
It doesn't have what kind of card it actually is.
So if I wanted to figure out what technology it was, I would use these things.
They have a high frequency and a low frequency little USB stick.
You plug it in.
You open up notepad.
You lay a card on top of it and click print screen and in notepad it will tell you not
only what the badge information is.
But exactly what technology it is.
Which matters for being able to understand what kind of tools you're going to need to
break into it.
Pretty cool.
And then, again, this is our tool, again, which you saw the demonstration of already.
I programmed in there, you see a 35‑bit card.
Basically you'll be able to get one of those circuit boards I'm about to give out or go
to our Web site.
I should be up tomorrow.
Download the code that you could send away to anyone that makes circuit boards and for
about 30 bucks they'll send you a copy.
Then you buy the parts that you need, load the code that we have, it will be on our Web
site and be up and running.
You essentially plug this into any RFID reader that there is for any of the technologies.
So as we'll see, simple missile switch in the back.
Easily from three feet away.
Okay.
I designed it ‑‑ what I'll be releasing ‑‑ I designed it in Fritzing.
How many of you are familiar with Fritzing?
Anybody?
Play around with it.
Which allows us ‑‑ I'll be releasing that and you can actually export it to extend
a Gerber to send away to actually get the board.
That's a picture of the board that I'll be giving away after the talk.
And essentially you could take this board and it just basically has two inputs and two
outputs.
It's taking in the output of a reader.
Like this one here.
It's taking in the output of a reader.
It's taking in the batteries and it's outputting the badge number to a screen and to a text
file on the card.
That's as simple as you can think of how the board is working.
And it's tapping that output of the reader is this output that I mentioned earlier which
every single badge reader has this output and they typically use.
So those 26 to 37 ones and zeros, basically there's data one and data zero.
For each one it sends a pulse on data one.
For each zero it sends a pulse on data zero.
And we're just tapping into that.
So essentially you could use this for any type of badge system.
So the two main ones for physical security are HIDprox and IndalaProx for the low frequency
which technically are both owned by the company HID at this point.
But if I held a HID badge up to an Indala reader it wouldn't do anything.
Or if I held an Indala card up to a HID reader it wouldn't do anything.
So between these two long‑distance readers, one of which you see here, you're pretty much
covered with 99% of the badges that people would have out there.
So you can take my board, plug it into the HID reader which we have here, and if you
notice it's not working you can plug it into the long‑distance Indala reader and just
walk around and grab people's Indala cards as well.
You see the proven secure lies written there for Indala.
Indala claims to be more secure and they have a lot of people convinced that it is.
Instead of just singing out the ones and zeros, it does a little bit of obfuscation
which doesn't even matter because if we're using an actual Indala reader like we are,
it does all the decoding for you.
So it's very easy to do and we've made fake versions.
So both of these are just as susceptible.
And finally, I just plugged in with the Arduino an SD card and running it to a text file
for ease.
But there are plenty of Arduino add‑ons.
You can imagine when you play around with an add‑next from adding Bluetooth capabilities
so I could see the badges on my phone as they're being read or even cell phone capability
to have a text message mean every badge that it sees if I leave it somewhere else.
These things would be relatively easy to add on to this type of technology.
Joppa no eaves, Mr. Gandalf.
Basically, if you guys are aware of any tools that do this attack, you can let
me know.
I've heard people talk about it in theory in some Ph.D. papers, but the distance limitation
that we're now getting with three feet and what centimeters before is due to powering
the card, not actually reading the ones and zeros that it's singing out.
So people have talked about if you leave something near the front door of an actual building
and you let the real reader of that door power their card, you can listen for those
ones and zeros from further away.
And I know that Chris Pageant's talk, he had mentioned being able to get up to ten
feet with this in this passive mode, letting someone else power it.
This tool obviously never was released due to legal reasons, I believe, and I haven't
seen any other tools that actually successfully do it, but it is something to be aware of
in terms of getting further distance still.
Making a copy of the card, I mentioned this in the video, what you would want to get are
these T55X7 cards, they're like a dollar, you can buy them online.
Just a note, all these slides, my notes sections are like white papers, links to everything
you would want for each topic are in there and I'll have links to where you can buy these.
But these things are not blank cards, they're programmable cards, so they'll simulate the
data and behavior of any type of card.
What I meant by when I mentioned a HID card wouldn't work with Indala and an Indala card
wouldn't work with HID.
These cards can behave like an Indala card or they can behave like a HID card, so they
can simulate any type of card and the data on them.
So I mean they're definitely something you want to have in your arsenal and you can reprogram
them as much as you want to be your fake versions of cards.
Finally if people start using RFID blocking wallets and stuff like that, we have to move
down the line of what we're attacking, there are things out there where you can pop open
the lid of the reader.
There's a man in the middle tool called Gecko where you plug it in the reader and as people
badge in it's writing them all to something as well.
I didn't really design my circuit board to be used in that way, but I realized afterwards
with a little minor alterations, you could use that circuit board, all I'm doing is tapping
into the output of a real reader.
You could take that circuit board, go to the front of a building you're trying to break
into, pop the lid off, insert it.
And have it sit there and record all the other real badges that are coming through
that reader.
So you could use it in this way as well.
And this Brad, I'll butcher his last name in, from McAfee, the guy that actually made
that ProxBrute software I'm talking about, he has a project here that you can see where
he's come up with tons of scripts and things to attack the readers and attack the controllers
directly, which are pretty cool.
I would recommend checking out.
Lastly, once you get in, you want to not be in the building any longer than you have
to be.
So I recommend ‑‑ I don't know if you're familiar with the Pwn plug.
It's just going to be your personal VPN, your back door into their network.
It's $1,000 for the regular Pwn plug and $1,500 for the power Pwn.
It's pretty cool looking.
It's a little hefty.
I would recommend a lot of people are coming out with images for the Raspberry Pi that
allow them to effectively do the same exact thing.
Even from Pony Express, the people that make the Pwn plug, you have the Raspberry Pwn, the
rogue Pi, the Pwn Pi.
So for $35 instead of $1,500, you can create your own little back door to be on the network.
And you see there, people use hollowed out old laptop chargers, things like that, put
the Raspberry Pi in it to be their own little back door, which is pretty cool.
I think we're just about done.
I'm going to skip the defenses.
Avoid being probes.
I don't know if this will help you out or not, but it's very fashionable.
So I would recommend upgrading your systems, if possible, to the contactless smart cards,
the high frequency stuff.
These things can do challenge response, authentication, have encryption.
There's more secure products out there.
If you're a company that has 100,000 employees, placing everybody's badges and every single
door out there might be not that realistic.
At least in any kind of good time frame.
So in order to get around that, what I would recommend is changing, using things like anomaly
detection software so that if I badge in at 8 in the morning every morning, but all
of a sudden I'm badging in at 4 in the morning in a building I never go to, you can have
it generate an alert and flag you.
Also you have the protective sleeves that I'll talk about more in a second.
But you want to not wear your badge in prominent view.
So I can't make a realistic-looking picture of it.
Security screws that prevent people from easily popping the lid off your reader on your door
instead of just normal screws.
And there's also some of your readers have to check with tamper detect mechanisms that
will send an alert if someone is messing with the reader.
And then finally the last slide is that those protective sleeves that you would get, some
of them work and some of them don't.
So before you buy 100,000 of them for your employees, make sure that it works.
This is a new product.
It's a green card protective sleeve which one of our employees is from Scotland, a very
charming fellow, and he has this green card which has RFID in it and it has this sleeve
that you should keep it in at all times to prevent communication with your card.
It doesn't work at all.
It's probably just a piece of paper.
So I don't know how they got over selling that to the federal government for every single
green card.
But it doesn't work at all.
And in my experience, there's no rhyme or reason.
It's about half of them work, half of them don't.
So get a sample, test it out before you buy them and vote for your company.
And that's it.
.
